WO2019239658A1 - Dispositif de signalement et procédé de signalement de cyberattaque - Google Patents

Dispositif de signalement et procédé de signalement de cyberattaque Download PDF

Info

Publication number
WO2019239658A1
WO2019239658A1 PCT/JP2019/009946 JP2019009946W WO2019239658A1 WO 2019239658 A1 WO2019239658 A1 WO 2019239658A1 JP 2019009946 W JP2019009946 W JP 2019009946W WO 2019239658 A1 WO2019239658 A1 WO 2019239658A1
Authority
WO
WIPO (PCT)
Prior art keywords
driver
vehicle
cyber attack
notification
information
Prior art date
Application number
PCT/JP2019/009946
Other languages
English (en)
Japanese (ja)
Inventor
泰生 山本
直樹 廣部
泰久 渡辺
Original Assignee
オムロン株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by オムロン株式会社 filed Critical オムロン株式会社
Publication of WO2019239658A1 publication Critical patent/WO2019239658A1/fr

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/104Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device characterised by the type of theft warning signal, e.g. visual or audible signals with special characteristics
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B21/00Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for

Definitions

  • the present invention relates to an apparatus and a method for notifying a device inside and outside a vehicle of a cyber attack on the vehicle.
  • Patent Document 1 discloses an in-vehicle device that can notify an appropriate external organization even when the owner of the vehicle cannot cope with an emergency such as vandalism or theft in a parked vehicle.
  • an in-vehicle device disclosed in Patent Document 1 includes an abnormality detection unit that detects an abnormality of a vehicle, a vehicle state acquisition unit that acquires an image inside the vehicle, an abnormality detected by the abnormality detection unit, a vehicle Based on the video acquired by the situation acquisition unit, the abnormality content of the vehicle is identified, it is determined whether the abnormality is a highly important abnormality, and if it is determined that the abnormality is a high importance abnormality
  • a security control unit that gives an instruction to notify a notification destination registered in advance of the content of the abnormality.
  • the present invention provides an apparatus and a method for notifying a cyber attack by an appropriate method according to a driver's condition when a cyber attack on a vehicle is detected.
  • a cyber attack notification device that is mounted on a vehicle and notifies a cyber attack on the vehicle.
  • the cyber attack notification device includes a cyber attack detection unit that detects a cyber attack on a vehicle, a driver state input unit that inputs information indicating a driver state, a driver characteristic input unit that inputs information indicating a driver characteristic, A notification method determination unit for determining a device to be notified from among a first device in the second and a second device outside the vehicle such as a mobile phone having a pre-registered telephone number, mail address, etc.
  • An abnormality notification unit that notifies the device of information relating to the detected cyber attack.
  • the notification method determination unit determines whether the driver is inside or outside the vehicle, and determines a device for notifying information based on the determined result.
  • a method for notifying information related to a cyber attack on a vehicle is provided by a cyber attack notification device mounted on the vehicle.
  • the method includes a step in which a control unit of the cyber attack notification device detects a cyber attack on the vehicle, a step in which the control unit acquires a driver's state, and a step in which the control unit acquires information indicating characteristics of the driver; A step in which the control unit determines whether the driver is inside or outside the vehicle, and a mobile phone having the first device in the vehicle and a pre-registered telephone number, e-mail address, etc. based on the determination result by the control unit A step of determining a device that notifies information related to the detected cyber attack from the second devices outside the vehicle, and a step of notifying the determined device of information related to the cyber attack to the determined device; including.
  • the cyber attack when a cyber attack on the vehicle is detected, the cyber attack can be notified by an appropriate method according to the driver's state (for example, the driver's position, mental state, etc.).
  • the figure which showed the example of application to the vehicle-mounted network of the cyber attack notification apparatus of this indication Block diagram showing the configuration of the cyber attack notification device
  • the figure which shows the specific example of a driver state acquisition part, a vehicle state acquisition part, an external notification apparatus, and an in-vehicle notification apparatus Flow chart showing cyber attack notification processing by the cyber attack notification device Diagram showing the conditions for determining the notification method
  • the figure explaining the arrangement of the sweat sensor attached to the handle Diagram showing various parameters that are factors for determining notification contents Illustration for explaining how to obtain information about the mental state of the driver Illustration for explaining how to obtain information about the mental state of the driver Diagram showing an example of attack information Diagram showing an example of correspondence information
  • the inventors of the present application have discovered the following problems in the process of developing a technology for notifying a driver of a cyber attack.
  • cyber attacks may occur regardless of whether or not the driver is in the vehicle, unlike physical attacks such as vandalism that occur during parking. For example, if a notification device outside the vehicle, such as a smartphone, is notified during driving, the driver may be distracted and the driving may be hindered. In addition, even if the driver is away from the parked vehicle and notifies the in-vehicle notification device, the driver may not be aware of the notification and may not be able to deal with cyber attacks. In this way, there may be cases where the driver cannot be surely notified of a cyber attack.
  • the cyber attack notification device detects a cyber attack (for example, DoS attack) in a vehicle based on the vehicle driver state information and the vehicle state information, and the detected cyber attack information is abnormal. Notify the appropriate equipment in an appropriate manner according to the content.
  • a cyber attack for example, DoS attack
  • FIG. 1 is a diagram illustrating a network configuration in a vehicle to which a cyber attack notification device of the present embodiment is applied.
  • in-vehicle networks 200 a and 200 b are provided in a vehicle 50.
  • a plurality of ECUs (Electronic Control Units) 305 are connected to the in-vehicle networks 200a and 200b.
  • the ECU 305 is a device that electronically controls a device connected to the ECU 305 and collects various information from the device.
  • controlled devices such as an engine, a brake, and an actuator for a power window, a camera, and sensor devices for various sensors are connected to the ECU 305.
  • the in-vehicle network 200a and the in-vehicle network 200b are collectively referred to as an “in-vehicle network 200”.
  • the in-vehicle network 200a and the in-vehicle network 200b are connected by the gateway ECU 100.
  • the gateway ECU 100 detects a cyber attack and notifies information related to the cyber attack to at least one of a device in the vehicle (for example, an indicator) and a device 500 (for example, a smartphone) outside the vehicle.
  • the notified device presents information related to the cyber attack to the driver, so that the driver can recognize that the device has received the cyber attack and can take necessary measures.
  • FIG. 2 is a diagram illustrating a hardware configuration of the gateway ECU 100.
  • the gateway ECU 100 includes a CPU 110, and implements a predetermined function to be described later by executing a predetermined program.
  • the CPU 110 another type of general-purpose processor such as an MPU may be used.
  • a processor designed exclusively for realizing a predetermined function may be used. That is, the gateway ECU 100 can include various processors such as a CPU, MPU, GPU, DSP, FPGA, and ASIC.
  • the gateway ECU 100 includes a RAM 120, a ROM 130, and a data storage unit 140.
  • the RAM 120 is a memory that temporarily stores information and programs necessary for the CPU 110 to execute calculations, and is a work area that is appropriately accessed from the CPU 110.
  • the ROM 130 is a memory that stores a program executed by the CPU 110.
  • the program executed by the CPU 110 may be downloaded from a server via a communication line, or may be a gateway via an internal recording medium on a board such as a nonvolatile memory or an external recording medium such as an optical disk or a memory card.
  • the ECU 100 may be provided.
  • the data storage unit 140 is a recording medium that records various information referred to in the control of the gateway ECU 100.
  • the data storage unit 140 can be configured by, for example, an internal recording medium such as a nonvolatile memory, or an external recording medium such as a hard disk (HDD), a solid state drive (SSD), or an optical disk device.
  • an internal recording medium such as a nonvolatile memory
  • an external recording medium such as a hard disk (HDD), a solid state drive (SSD), or an optical disk device.
  • the gateway ECU 100 includes first and second communication interfaces 150 and 160.
  • the first communication interface 150 is a communication circuit or a communication module for exchanging data with the ECU connected to the in-vehicle network 200a.
  • the second communication interface 160 is a communication circuit or a communication module for exchanging data with the ECU connected to the in-vehicle network 200b.
  • the first and second communication interfaces 150 and 160 perform communication in accordance with a CAN (Controller-Area-Network) protocol widely used in an in-vehicle network.
  • the first and second communication interfaces 150 and 160 may perform communication according to a protocol other than the CAN protocol. For example, communication may be performed according to the CAN FD protocol.
  • the gateway ECU 100 and the ECU 305 constitute the attack notification device of the present embodiment.
  • FIG. 3 is a diagram showing a functional configuration of the cyber attack notification device of the present embodiment.
  • FIG. 4 is a diagram more specifically showing each configuration of the cyber attack notification device.
  • the cyber attack notification device 10 includes a driver state acquisition unit 310 that acquires the state of the driver, a vehicle state acquisition unit 320 that acquires the state of the vehicle 50, and a notification that detects a cyber attack and controls notification of the detected cyber attack. It includes a control unit 300 and an abnormality notification unit 380 that notifies that a cyber attack has been received.
  • Driver state acquisition unit 310 acquires a driver's movement, facial expression, and biological information (heartbeat, respiratory state, sweating state, etc.) for determining the mental state of the driver.
  • the driver state acquisition unit 310 includes various ECUs, for example, ECUs 311 to 315.
  • the ECU 311 is connected to a camera 401 that captures an image and acquires an image from the camera 401.
  • the ECU 313 is connected to the seating sensor 403 and inputs a detection signal from the seating sensor 403.
  • the ECU 313 is connected to a sweating sensor 405 that detects the state of sweating by the driver, and receives a detection signal from the sweating sensor 405.
  • the vehicle state acquisition unit 320 acquires various operation states of the vehicle 50 such as the speed, power supply state, and shift position of the vehicle 50.
  • the vehicle state acquisition unit 320 includes various ECUs, for example, ECUs 321 to 325.
  • the ECU 321 is connected to a speed sensor 407 that detects the speed of the vehicle 50.
  • the ECU 323 is connected to the ignition and acquires the power state.
  • ECU 325 is connected to a sensor that detects the shift position, and acquires information on the shift position.
  • the notification control unit 300 includes a cyber attack detection unit 330 that detects a cyber attack, a risk analysis unit 340 that analyzes a risk of the cyber attack, a driver characteristic holding unit 350 that holds information indicating characteristics unique to the driver, and a cyber attack A notification method determination unit 360 that determines the notification method.
  • the notification control unit 300 further includes a driver state input unit 310a that inputs information acquired by the driver state acquisition unit 310, a vehicle state input unit 320a that inputs information acquired by the vehicle state acquisition unit 320, and an abnormality notification unit 380.
  • the functions of the first input unit 310a, the second input unit 320a, and the output units 380a and 380b are realized by the first communication interface 150 or the second communication interface 160.
  • the cyber attack detection unit 330 can detect an attack target and an attack method with a predetermined function. Specifically, the cyber attack detection unit 330 can detect the attack target and the attack method by monitoring the communication and monitoring the deviation from the normal system by the communication monitoring function. Furthermore, the cyber attack detection unit 330 monitors the control processing time and stored information by the control / information monitoring function to monitor the deviation from the normal system and the presence / absence of rewriting to determine the attack target and attack method. Can be detected. Further, the cyber attack detection unit 330 can monitor the current consumption by using the current consumption monitoring function, and monitor whether or not an unauthorized device is connected to the bus, thereby making an attack target and attack method.
  • the attack method includes DoS attack, spoofing insertion, message tampering, message wiretapping, program rewriting, and the like.
  • the attack target includes the entire traveling system, an ECU connected to the traveling system, a message output from the ECU connected to the traveling system, information assets, personal information, money assets, and the like.
  • the cyber attack detection unit 330 includes a cyber attack detection database (hereinafter referred to as “cyber attack detection DB”) 332.
  • FIG. 5 shows the configuration of the cyber attack detection DB 332.
  • the cyber attack detection DB 332 is a database that manages an attack target, an attack method, an attack content, and an ID that identifies the attack content in association with each other.
  • the cyber attack detection DB 332 is stored in the data storage unit 140.
  • the cyber attack detection unit 330 refers to the cyber attack detection DB 332 to identify the attack content.
  • the risk analysis unit 340 analyzes the risk of the attack content specified by the server attack detection unit 330.
  • the risk analysis unit 340 includes a risk analysis database (hereinafter referred to as “risk analysis DB”) 342.
  • FIG. 6 shows the configuration of the risk analysis DB 342.
  • the risk analysis DB 342 manages the score of each viewpoint of safety, privacy, money, operability, and controllability, and the total score of each viewpoint for each attack content.
  • the score indicates the degree of risk, and the higher the score, the higher the risk.
  • the total score for each attack content indicates the degree of risk for that attack content.
  • FIG. 7 is a diagram for explaining the criteria for determining the score for each viewpoint of the risk analysis DB 342. For example, for safety, the score when there is no damage is set to “0”, and the score for a risk that is surely life threatening is set to “4”. The score of each viewpoint of the risk analysis DB 342 is set in advance according to the judgment standard shown in FIG.
  • the driver characteristic holding unit 350 holds information related to characteristics (characters) related to the driving of the driver.
  • the driver characteristics (characters) are classified into “safe driving type”, “attention required type”, “getting accident tendency type”, “severe accident tendency type” and “ It is classified into five types of “accident violation frequent occurrence type”.
  • the driver characteristic holding unit 350 holds information indicating the type of each driver according to the above classification as driver characteristic information.
  • the type obtained based on the OD safety test is used as the driver characteristic, but the driver characteristic is not limited to this.
  • the driver characteristic may be any information as long as it is a driver characteristic that affects driving.
  • the driver characteristic may be information indicating a tendency related to the driving of the driver or information indicating the personality of the driver.
  • the notification method determination unit 360 detects the cyber attack based on information from the driver state acquisition unit 310, the vehicle state acquisition unit 320, the risk analysis unit 340, and the driver characteristic holding unit 350. Determine the notification method.
  • the abnormality notification unit 380 notifies the detected abnormality to at least one of the device arranged inside the vehicle 50 and the device arranged outside the vehicle 50.
  • the device disposed inside the vehicle 50 is, for example, an instrument panel indicator, buzzer, or speaker.
  • Devices arranged outside the vehicle 50 are, for example, a smartphone, a smart key, a mobile phone, and a server. These devices have their identification numbers, telephone numbers, mail addresses, etc. registered in advance in the notification method determination unit 360.
  • Abnormality notification unit 380 includes various ECUs, for example, ECUs 381 to 389.
  • the ECU 381 communicates with the smartphone 511 and transmits predetermined information to the smartphone 511.
  • the ECU 383 communicates with the smart key 512 and transmits predetermined information to the smart key 512.
  • the ECU 385 controls the indicator 521 in the vehicle 50 to display predetermined information.
  • the ECU 387 controls the buzzer 523 in the vehicle 50 and notifies information by voice output.
  • the ECU 389 controls the speaker 525 in the vehicle 50 to output a sound indicating predetermined information.
  • FIG. 8 is a diagram illustrating an example of specific information acquired or monitored by the driver state acquisition unit 310, the vehicle state acquisition unit 320, and the cyber attack detection unit 330.
  • the driver state acquisition unit 310 acquires information related to the driver's heart rate, heart rate fluctuation, respiratory activity, and riding state based on the output signal from the seating sensor 403.
  • the driver state acquisition unit 310 acquires information on the state of mental sweating of the driver based on the output signal from the sweat sensor 405.
  • the driver state acquisition unit 310 acquires information on the driver's boarding state and the driver's facial expression based on the image captured by the camera 401.
  • the cyber attack detection unit 330 monitors communication cycles, communication data, control processing time, and information protection assets on the networks 200a and 200b via various monitoring devices.
  • FIG. 9 is a flowchart showing cyber attack notification processing by the cyber attack notification device 10. The process shown in the flowchart of FIG. 9 is repeatedly executed at predetermined intervals.
  • the cyber attack detection unit 330 detects the presence or absence of a cyber attack on the vehicle 50 based on at least one of the communication cycle, communication data, and control processing time (S11). Cyber attacks can be detected based on known techniques. For example, the cyber attack detection unit 330 can determine that a cyber attack has been received when the communication cycle of a frame transmitted on the bus is significantly different from the basic cycle (for example, International Publication No. 2014/115455). The cyber attack detection unit 330 identifies an attack content (attack target and attack method) based on a communication cycle or the like, and transmits an ID indicating the identified attack content to the risk analysis unit 340.
  • an attack content attack target and attack method
  • the risk analysis unit 340 analyzes the risk for the detected cyber attack (S12). Specifically, when the risk analysis unit 340 receives an ID indicating the attack content from the cyber attack detection unit 330, the risk analysis unit 340 refers to the risk analysis DB 342 to obtain a total score (degree of risk) for the attack indicated by the received ID. Then, the information indicating the total score is transmitted to the notification method determination unit 360. For example, when “123” is received as the ID, the risk analysis unit 340 refers to the risk analysis DB 342, acquires “12” as the total score for the attack indicated by the received ID, and transmits it to the notification method determination unit 360. (See FIG. 6).
  • the notification method determination unit 360 determines whether to notify the driver of the vehicle 50 based on the received score (S13). Specifically, the notification method determination unit 360 compares the received score with a threshold value, and determines that it is necessary to notify the driver when the received score is larger than the threshold value. In the following cases, it is determined that there is no need to notify the driver. In this way, when the degree of cyber attack risk is low, the driver is not notified of the attack, but only when the risk of cyber attack is high. As a result, the driver's concentration can be reduced from being disturbed by a notification regarding a low-risk cyber attack with respect to the driving driver.
  • the notification method determination unit 360 acquires information (vehicle speed, shift position, power supply state) regarding the vehicle state from the vehicle state acquisition unit 320 (S14). Furthermore, the notification method determination unit 360 determines whether or not the vehicle is traveling based on at least one of the vehicle speed and the shift position. For example, when the vehicle speed is equal to or higher than a certain speed, it can be determined that the vehicle is traveling. Also, it can be determined that the vehicle is running based on the shift position.
  • the notification method determination unit 360 determines the state of the driver, here, the position of the driver based on the information on the vehicle state (S15). For example, when the vehicle speed is equal to or higher than a certain speed, it is considered that the vehicle is traveling and the driver is driving the vehicle. For this reason, the notification method determination unit 360 determines that the driver is in the vehicle when the vehicle speed is equal to or higher than a certain speed. Also, based on the shift position, it can be determined whether or not the vehicle is traveling, that is, whether or not the driver is driving the vehicle. For this reason, when the shift position satisfies a predetermined condition, the notification method determination unit 360 determines that the driver is in the vehicle. Further, when an air conditioner or the like is used in the vehicle, the power supply state also changes. From this, when the power state satisfies a predetermined condition, the notification method determination unit 360 determines that the driver is in the vehicle.
  • the notification method determination unit 360 determines a notification method to the driver based on the driver position and the vehicle state (S16). Here, the notification method determination unit 360 determines whether to notify a notification device in the vehicle, a notification device outside the vehicle, or both notification devices.
  • FIG. 10 is a diagram showing conditions for determining the notification method.
  • the notification method determination unit 360 determines whether the notification device in the vehicle or the notification device outside the vehicle is based on the position of the driver (inside or outside the vehicle) and the vehicle state (whether or not the vehicle is running). Decide whether to notify or both.
  • the driver when it is determined that the driver is in the vehicle and the vehicle is running, the driver is very likely to be in the vehicle, so notification is only given to the notification device in the vehicle. If it is determined that the driver is in the vehicle but the vehicle is not running, the driver may be outside the vehicle in addition to the vehicle, so notify both the notification device inside the vehicle and the notification device outside the vehicle. Do. If it is determined that the driver is out of the vehicle and the vehicle is not running, the driver is very likely to be out of the vehicle, so only the notification device outside the vehicle is notified.
  • the notification method determination unit 360 notifies at least one of the notification device inside the vehicle and the notification device outside the vehicle according to the determined notification method (S17 to S28).
  • the notification method determination unit 360 acquires information on the driver's state (mental state) from the driver state acquisition unit 310 (S18). .
  • information on the driver's state As information on the driver's state (mental state), the driver's facial expression, respiratory activity, heart rate, heart rate fluctuation, and riding state are acquired.
  • FIG. 11A and FIG. 11B are diagrams illustrating the arrangement of the camera 401 and the sensors 403 and 405 for acquiring information regarding such a driver's state (mental state).
  • the camera 401 is disposed in the front part of the passenger compartment so that the facial expression of the driver 30 can be captured.
  • the seating sensor 403 is disposed in the driver seat 62.
  • the sweat sensor 405 is attached to the left and right portions of the handle 64 that is frequently held by the driver during normal operation.
  • the notification method determination unit 360 analyzes the image captured by the camera 401 and recognizes the facial expression of the driver. Furthermore, the notification method determination unit 360 grasps the fluctuation of the heartbeat of the driver, the heart rate, the respiratory activity, and the riding state (presence / absence of seating) based on the detection signal from the seating sensor 403. Further, the notification method determination unit 360 detects the state of mental sweating of the driver from the sweat sensor 405.
  • the notification method determination unit 360 determines the driver state (mental state) based on information acquired from the camera 401 and the sensors 403 and 405. Hereinafter, a method for determining the driver state (mental state) will be described.
  • FIG. 12 is a diagram showing a correspondence relationship between information acquired from the camera 401 and the sensors 403 and 405 and parameters for determining the mental state of the driver.
  • the notification method determination unit 360 sets parameters based on the information acquired from the camera 401 and the sensors 403 and 405 according to the correspondence shown in FIG.
  • the notification method determination unit 360 analyzes the image acquired from the camera 401 and sets “joy”, “surprise”, “anger”, “sadness”, or “true face” as parameters related to the facial expression of the driver. obtain. Further, the notification method determination unit 360 obtains “increase” or “steady state” as a parameter of the amount of mental sweating from the detection signal of the sweating sensor 405. In addition, the notification method determination unit 360 obtains parameters relating to heart rate fluctuation, heart rate, and respiratory activity from the detection signal from the seating sensor 403. For example, the heart rate fluctuation parameter is set based on the ratio of the low frequency signal (LF value) to the wide frequency signal (HF value) of the detection signal from the seating sensor 403.
  • LF value low frequency signal
  • HF value wide frequency signal
  • FIG. 13 is a diagram illustrating a correspondence relationship between parameters set based on information acquired from the camera 401 and the sensors 403 and 405 and a driver state (mental state).
  • the notification method determination unit 360 determines the mental state based on the set parameters according to the correspondence shown in FIG.
  • the value of the “expression” parameter is “anger”
  • the value of the “mental sweating” parameter is “increase”
  • the value of the “heartbeat fluctuation” parameter is “increased LF / HF value”
  • “heartbeat” When the “number” parameter is “increased” and the “breathing activity” parameter is “frequency reduction”, “Standing / Irritation” is obtained as the driver state (mental state).
  • the notification method determining unit 360 acquires the driver characteristic (personality) from the driver characteristic holding unit 350 (S19).
  • the notification method determination unit 360 determines the content of notification to the driver based on the driver state (mental state) and driver characteristics (S20).
  • the notification method determination unit 360 generates attack information and response information as information to be notified to the driver.
  • the attack information includes information (for example, a text message) indicating the content of the attack (that is, attack target and attack method).
  • the correspondence information includes information (for example, a text message) indicating a countermeasure to be taken by the driver against the attack.
  • the attack information the driver can grasp the contents of the cyber attack.
  • the response information the driver can grasp the countermeasures that the driver should take in response to the cyber attack.
  • the notification method determination unit 360 determines the degree of detail (or simplicity) of the contents of the attack information and the response information based on the driver state (mental state) and driver characteristics (personality).
  • FIG. 14 is a diagram illustrating a relationship among a driver state (mental state), a driver characteristic (personality), and a degree of detail (conciseness) of notification contents.
  • the notification method determination unit 360 determines the detailed level of the notification content based on the correspondence shown in FIG. 14 based on the driver state (mental state) and the driver characteristics (character).
  • the attack information and the response information are set to detailed contents.
  • the safe driving type driver is normal, detailed attack information and response information are notified. As a result, sufficient information can be transmitted to the driver, and an appropriate response can be expected.
  • the attack information and response information are set to simple contents. Notifying a driver in an irritated state of detailed attack information may increase the irritability and disrupt the driver's mental state. For this reason, it is considered that information can be transmitted more safely and reliably to the driver by notifying simple information.
  • the cyber attack notification device 10 changes the degree of detail (in other words, simplicity) of the information to be notified according to the driver's personality and the driver's mental state. As a result, cyber attack information can be appropriately transmitted according to the current state of the driver.
  • the notification method determination unit 360 internally stores table information indicating the correspondence relationships illustrated in FIGS. 12 to 14 in order to perform the above processing.
  • FIG. 15 shows an example of the contents of attack information with different detail levels.
  • FIG. 16 shows an example of the contents of correspondence information with different detail levels. 15 and 16, the level indicating the level of detail is set in four levels: “more detailed”, “detailed”, “concisely”, and “more concisely”. The amount of information transmitted in a message decreases as it goes from “more in detail” to “more concisely”. A message having details (conciseness) corresponding to each level is set in the notified message.
  • the notification method determination unit 360 notifies the notification device in the vehicle and the notification device outside the vehicle that a cyber attack has been received with the determined notification content (S21, S22).
  • the notification method determination unit 360 acquires the driver state (mental state) from the driver state acquisition unit 310 ( S24), driver characteristics are acquired from the driver characteristic holding unit 350 (S25). The notification method determination unit 360 determines the notification content to the driver based on the driver state (mental state) and the driver driving characteristics (S26), and transmits the determined notification content to the notification device outside the vehicle (S27).
  • the notification method determination unit 360 notifies the notification device outside the vehicle of the attack content (attack target and attack method). (S28).
  • the cyber attack notification device 10 of the present embodiment it is determined whether or not to notify the driver according to the degree of cyber attack risk (S12, S13). This prevents the driver from being notified when a cyber attack with a low risk is received, thereby preventing the driver's concentration from being reduced due to frequent notifications.
  • the cyber attack notification device 10 determines a notification destination device (in-vehicle notification device, external notification device or both) based on the driver state (driver position) and the vehicle state. As a result, it is possible to notify the driver of information related to the cyber attack reliably and appropriately.
  • the cyber attack notification device 10 when receiving a cyber attack, notifies the attack information indicating the content of the cyber attack and the corresponding information indicating the countermeasure method for the cyber attack.
  • the driver can recognize the contents of the cyber attack and also can recognize the countermeasures against the cyber attack, so that an appropriate response can be taken promptly.
  • the cyber attack notification device 10 determines the degree of detail of information to be notified based on the mental state of the driver and the characteristics (characters) of the driver. As a result, notification is made in an appropriate manner according to the state of the driver (particularly mental state) at the time of the cyber attack, so the driver can take appropriate measures against the cyber attack. .
  • the cyber attack notification device 10 of the present embodiment is a device that is mounted on the vehicle 50 and notifies the cyber attack on the vehicle 50.
  • the cyber attack notification device 10 includes a cyber attack detection unit 330 that detects a cyber attack on the vehicle 50, a driver state input unit 310a that inputs a driver state, and an in-vehicle notification device 520 (example of a first device).
  • a notification method determination unit 360 that determines a device to be notified from among external notification devices 510 (second device example) outside the vehicle, such as a mobile phone having a telephone number and a mail address registered in advance.
  • an abnormality notification unit 380 for notifying the determined device of information relating to the detected cyber attack.
  • the notification method determination unit 360 determines whether the driver is inside or outside the vehicle (S15), and determines a device for notifying information based on the determined result (S16).
  • a device to notify information is determined based on the determination result. Therefore, information can be reliably and appropriately transmitted to the driver. For example, it is possible to prevent notification of the driver's smartphone while driving, and to prevent the driver from being distracted by the smartphone. In addition, when the driver is outside the vehicle, the information can be reliably transmitted to the driver by notifying the notification device outside the vehicle.
  • the content of information to be notified is determined based on the driver status and driver characteristics. As a result, it is possible to notify the driver of appropriate information according to the driver's state and individuality. This allows the driver to act calmly without being panicked when notified of a cyber attack.
  • the cyber attack notification device 10 further includes a risk analysis unit 340 that analyzes the risk of the detected cyber attack. And the notification method determination part 360 determines the necessity of notification according to an analysis result (S12, S13). Thus, since the notification is made only when the risk of cyber attack is high, that is, when the importance is high, it is possible to reduce the driver from overlooking important notifications with high influence.
  • the notification method determination unit 360 determines the mental state of the driver based on the driver's state (S18, S24), and changes the details of the information to be notified according to the mental state of the driver and the characteristics of the driver (S20, S24). S26, FIG. 14). This makes it possible to create a message according to the personality of the driver and the mental state at that time. It is possible to prevent or reduce the feeling of anxiety, impatience, etc., when a driver in a state of frustration, impatience, nervousness, etc. is notified of a cyber attack.
  • the cyber attack notification device 10 notifies attack information including information indicating a target subjected to a cyber attack and information indicating a cyber attack method. Further, the cyber attack notification device 10 transmits correspondence information instructing a countermeasure method for the detected cyber attack. As a result, the driver who has received the notification can grasp the contents and countermeasures of the cyber attack.
  • the present embodiment discloses a cyber attack notification method for notifying information related to a cyber attack on a vehicle using a cyber attack notification device.
  • the cyber attack notification method is A step (S11) in which the control unit (110, 300) of the cyber attack notification device mounted on the vehicle detects a cyber attack on the vehicle; Step (S18, S24) in which the control unit acquires the state of the driver; A step of acquiring information indicating characteristics of the driver (S19, S25); A step of determining whether the driver is inside or outside the vehicle (S15); Based on the result of the determination by the control unit, from among the first device (520) in the vehicle and the second device (510) outside the vehicle such as a mobile phone having a telephone number, a mail address, etc. registered in advance. Determining a device to notify information related to the detected cyber attack (S16); The control unit includes a step (S21, S22, S27, S28) of notifying the determined device of information related to the cyber attack.
  • the cyber attack notification method may further include a step (S12) in which the control unit analyzes the risk of cyber attack, and a step (S13) in which the control unit determines necessity of notification according to the analysis result. .
  • control unit determines the content of information to be notified (for example, text, degree of detail) according to the driver's mental state and the driver's characteristics (S20, S26); May be further provided.
  • the information acquired by the driver state acquisition unit 310 shown in the above embodiment is an example, and other types of information may be acquired as long as the mental state of the driver can be detected.
  • the information which the vehicle state acquisition part 320 shown by said embodiment acquires is an example, and if it can detect the state of a vehicle, you may acquire other types of information.
  • the external notification device 510 may be a device installed in an external organization such as a certification body or a government agency.
  • the information to be notified when a cyber attack is received is not limited to the above example.
  • the information to be notified may include at least one of the date and time of the cyber attack, the location, the information specifying the driver, and the information specifying the vehicle.
  • external notification device 510 and the in-vehicle notification device 520 described in the above embodiment are merely examples, and are not limited thereto.
  • These devices 510 and 520 can be configured by various devices as long as they can present information in a predetermined format (image, sound, text, light, etc.).
  • the cyber attack notification device 10 holds the driver characteristic (personality) information in the internal driver identification holding unit 350, but the driver characteristic (personality) information is stored in an external device (for example, a cloud It may be obtained from the above server).
  • the driver state acquisition unit 310, the vehicle state acquisition unit 320, the notification control unit 300, and the abnormality notification unit 380 are each configured as an ECU.
  • these functional units may not be an ECU. . If each function can be realized, these functional units can be realized by an arbitrary electronic device (or electronic circuit).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Mechanical Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Traffic Control Systems (AREA)
  • Computer And Data Communications (AREA)
  • Emergency Alarm Devices (AREA)

Abstract

L'invention concerne : un dispositif pour détecter une cyberattaque sur un véhicule et effectuer un signalement d'une telle attaque, lequel dispositif permet un signalement par un procédé de signalement approprié qui est conforme à l'état du conducteur ; et un procédé. Un dispositif de signalement de cyberattaque (10) est installé sur un véhicule et effectue un signalement vis-à-vis d'une cyberattaque sur le véhicule. Le dispositif de signalement de cyberattaque comprend : une unité de détection de cyberattaque (330) pour détecter une cyberattaque sur le véhicule ; une unité d'entrée d'état de conducteur (310a) pour acquérir une information indiquant l'état du conducteur ; une unité de détermination de procédé de signalement (360) pour déterminer un appareil auquel doit être effectué un signalement, entre un premier appareil (520) qui se trouve à l'intérieur du véhicule et un second appareil (510) qui se trouve à l'extérieur du véhicule ; et une unité de signalement d'anomalie (380) pour signaler à l'appareil déterminé une information concernant la cyberattaque. L'unité de détermination de procédé de signalement détermine l'appareil auquel doit être signalée l'information, sur la base du fait que le conducteur se trouve à l'intérieur du véhicule ou à l'extérieur du véhicule.
PCT/JP2019/009946 2018-06-15 2019-03-12 Dispositif de signalement et procédé de signalement de cyberattaque WO2019239658A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018-114225 2018-06-15
JP2018114225A JP2019219709A (ja) 2018-06-15 2018-06-15 サイバー攻撃通知装置及び通知方法

Publications (1)

Publication Number Publication Date
WO2019239658A1 true WO2019239658A1 (fr) 2019-12-19

Family

ID=68842013

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/009946 WO2019239658A1 (fr) 2018-06-15 2019-03-12 Dispositif de signalement et procédé de signalement de cyberattaque

Country Status (2)

Country Link
JP (1) JP2019219709A (fr)
WO (1) WO2019239658A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7359002B2 (ja) * 2020-01-23 2023-10-11 株式会社デンソー サイバー攻撃分析支援装置
JP7307117B2 (ja) * 2021-04-07 2023-07-11 矢崎総業株式会社 車載システム

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09159482A (ja) * 1995-12-06 1997-06-20 Nissan Motor Co Ltd 表示装置
JP2003112591A (ja) * 2001-10-05 2003-04-15 Hitachi Ltd 車載システム
JP2007246024A (ja) * 2006-03-17 2007-09-27 Mazda Motor Corp 車両用情報提供装置
JP2008241309A (ja) * 2007-03-26 2008-10-09 Denso Corp 車両用サービス提示装置
JP2013050792A (ja) * 2011-08-30 2013-03-14 Navitime Japan Co Ltd 情報配信装置、情報配信システム、情報配信方法および情報配信プログラム
JP2017112594A (ja) * 2015-12-14 2017-06-22 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America セキュリティ装置、ネットワークシステム及び攻撃検知方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09159482A (ja) * 1995-12-06 1997-06-20 Nissan Motor Co Ltd 表示装置
JP2003112591A (ja) * 2001-10-05 2003-04-15 Hitachi Ltd 車載システム
JP2007246024A (ja) * 2006-03-17 2007-09-27 Mazda Motor Corp 車両用情報提供装置
JP2008241309A (ja) * 2007-03-26 2008-10-09 Denso Corp 車両用サービス提示装置
JP2013050792A (ja) * 2011-08-30 2013-03-14 Navitime Japan Co Ltd 情報配信装置、情報配信システム、情報配信方法および情報配信プログラム
JP2017112594A (ja) * 2015-12-14 2017-06-22 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America セキュリティ装置、ネットワークシステム及び攻撃検知方法

Also Published As

Publication number Publication date
JP2019219709A (ja) 2019-12-26

Similar Documents

Publication Publication Date Title
US20200351281A1 (en) Systems and methods for detection of malicious activity in vehicle data communication networks
US11210873B2 (en) Safety for vehicle users
US9679210B2 (en) Using passive driver identification and other input for providing real-time alerts or actions
US9401923B2 (en) Electronic system for detecting and preventing compromise of vehicle electrical and control systems
EP3825981B1 (fr) Appareil d'avertissement et dispositif d'analyse de tendance de conduite
US11557125B2 (en) Method for monitoring the environment of a vehicle
US11995181B2 (en) Vehicle surveillance device and vehicle surveillance method
JP2009040239A (ja) 機器制御装置および方法、並びに、プログラム
CN106740862A (zh) 驾驶员状态监控方法及驾驶员状态监控装置
US20160378103A1 (en) System and method for detecting malicious activity and harmful hardware/software modifications to a vehicle
US20210078539A1 (en) Vehicle intelligent assistant using contextual data
JP2016179810A (ja) 自動走行制御装置及び自動走行制御システム
WO2019239658A1 (fr) Dispositif de signalement et procédé de signalement de cyberattaque
CN104276037A (zh) 限制或强制激活机动车功能的方法和装置
KR101446525B1 (ko) 차량 해킹 방지 시스템, 방법, 및 상기 방법을 실행시키기 위한 컴퓨터 판독 가능한 프로그램을 기록한 매체
CN113239871B (zh) 一种车内危险场景处理方法、装置、系统及电子设备
JP2011192031A (ja) 制御装置及び運転安全性保護方法
WO2015057979A1 (fr) Système et procédé de détection d'activité malveillante et de modifications malfaisantes matérielles/logicielles à un véhicule
CN113129475A (zh) 一种监控方法、装置和车辆
CN112298172A (zh) 一种车载主动安全系统、方法及存储介质
CN115716459A (zh) 一种车辆行驶中保障车内人员安全的方法、装置
CN112208475B (zh) 用于车辆乘员的安全保护系统、车辆及相应的方法和介质
WO2016152834A1 (fr) Dispositif et système de commande de déplacement automatique
US12033446B2 (en) Safety for vehicle users
CN110126723A (zh) 锁具控制系统、方法、装置、存储介质及电子装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19820173

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19820173

Country of ref document: EP

Kind code of ref document: A1